Overview

overview

7

Static

static

3

2024-02-23...ia.exe

windows7-x64

1

2024-02-23...ia.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 11:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_fa711337eb219a5dc7401074a76f8da5_mafia.exe

  • Size

    1.8MB

  • MD5

    fa711337eb219a5dc7401074a76f8da5

  • SHA1

    1be1b0f5d30fcca256e3cfaf0f6ae9c93b17ed9b

  • SHA256

    d0f2524ab6ee6c4cf631c9153d95d83e21867efb304ef4d0b238449cb4d94124

  • SHA512

    69473e7e8c53110d54ae73c13ecb0f8a1ce34006d784a4dcee40941d8dd42e4c477fdb0a0c36a5de40a690573a567d0e5b06430f8f5bee42892c78420771fc8d

  • SSDEEP

    24576:20XDVrSe89cVFZbevPPO15qaMbNW2isv/G:20zVrKCPZqW3ORW2iS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_fa711337eb219a5dc7401074a76f8da5_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_fa711337eb219a5dc7401074a76f8da5_mafia.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:536
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:800

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\System32\alg.exe
          Filesize

          1.6MB

          MD5

          991e784aa119cf64e4fff6f13cb6197e

          SHA1

          4efddbecd74abfdcb8366f774aac27bc7856b4f3

          SHA256

          07267b8a5bbb607154a95a4a4088012633cf02fcbb9e2595d27934c8df2a61b0

          SHA512

          c810ba67675417776af53de05a2b2b4fa00ec310b316c087684ed09a7521b98c4504777a2b626e93228c1e9bb33af4da34e7f68bd175532e45d62fe73d17f986

          Download Submit

        • memory/536-0-0x0000000000400000-0x00000000006CD000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/536-1-0x0000000002520000-0x0000000002586000-memory.dmp

          Filesize

          408KB

          Download

        • memory/536-7-0x0000000002520000-0x0000000002586000-memory.dmp

          Filesize

          408KB

          Download

        • memory/536-15-0x0000000000400000-0x00000000006CD000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/800-16-0x0000000140000000-0x000000014029D000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/800-17-0x0000000140000000-0x000000014029D000-memory.dmp

          Filesize

          2.6MB

          Download